CVE-2015-2060

cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:cabextract_project:cabextract:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Information

Published : 2019-11-29 13:15

Updated : 2021-04-26 04:45


NVD link : CVE-2015-2060

Mitre link : CVE-2015-2060


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

cabextract_project

  • cabextract

linux

  • linux_kernel